0x5t4l1n/BURP-AI
1
0
Fork 0
mirror of https://github.com/th30d4y/BURP-AI.git synced 2026-05-26 19:36:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
copilot/update-security-file
BURP-AI/CHANGELOG.md
T

4.6 KiB
Raw Permalink Blame History

CHANGELOG

All notable changes to BurpAI will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.0] - 2026-03-23

Added

Core Features

  • AI-Powered Analysis: Integration with multiple AI models (Kimi, DeepSeek, GLM, Qwen, LLaMA, Mistral, etc.)
  • Chat Interface: Interactive chat display with message history and timestamps
  • HTTP Capture: Real-time HTTP request/response capture via IHttpListener
  • Context Menu Integration: Right-click "Send to BurpAI" functionality in Proxy, Repeater, and Target tabs
  • Native Repeater: Built-in request/response editor using Burp's native message editors
  • History Table: Complete request history with method, host, path, and status columns

Security & Configuration

  • API Key Management: First-load dialog for API key configuration
  • Persistent Storage: Secure configuration storage in ~/.burpaai/config.json
  • Model Selection: Dropdown to switch between 11 supported AI models
  • Auto-Analysis: Optional automatic analysis checkbox for captured requests

UI/UX

  • Professional Dark Theme: Dark mode interface matching Burp Suite aesthetics
  • Responsive Layout: BorderLayout with horizontal/vertical split panels
  • Toolbar: Compact toolbar with API key input, model selector, and status indicator
  • Split Panes: Resizable panels for chat, history, and repeater sections

Technical

  • Threading: Non-blocking async operations using Java threading
  • Error Handling: Comprehensive try-catch blocks with detailed logging
  • Jython 2.7 Compatible: Full compatibility with Jython 2.7 in Burp Suite
  • Memory Optimized: Configurable history limit (default: 1000 entries)
  • Clean Imports: Explicit Java/Swing imports without generic java. prefix

🔧 Fixed

  • Fixed HTTP capture not triggering (IHttpListener properly registered)
  • Fixed chat display null pointer exceptions
  • Fixed Jython module caching issues with defensive getattr() wrappers
  • Fixed API key loading on first run
  • Fixed message editor initialization errors

📚 Documentation

  • README.md - Comprehensive setup and usage guide
  • DISCLAIMER.md - Legal notice and warranty disclaimer
  • SECURITY.md - Security policy and vulnerability reporting
  • COLLABORATION.md - Contribution guidelines
  • CHANGELOG.md - This file

🔐 Security

  • No known vulnerabilities at release
  • All third-party dependencies reviewed
  • HTTPS-only API communication
  • Input validation and sanitization
  • No telemetry or external tracking

📦 Dependencies

  • Python 2.7+ (via Jython)
  • Burp Suite API (IBurpExtender, ITab, IHttpListener, IContextMenuFactory)
  • Java 8+ (Swing, AWT components)
  • urllib2/urllib (HTTP requests)

🚀 Known Limitations

  • Jython 2.7 limits some Python 3 features
  • AI responses depend on selected model quality
  • API rate limits apply (model/vendor specific)
  • Local storage of chat history (not encrypted)
  • Single API key per extension instance

🎯 Future Roadmap

  • Multi-API support (rotate between providers)
  • Encrypted local storage for chat history
  • Export analysis reports (PDF, JSON)
  • Custom prompt templates
  • Multi-language support
  • Machine learning for pattern recognition
  • Integration with other Burp plugins
  • Web UI alternative

💻 Installation

  1. Download burpaai.py
  2. In Burp Suite: Extensions → Add → Select file
  3. On first load: Enter your AI API key
  4. Start analyzing requests!

🙏 Contributors

Initial release developed with focus on:

  • Production-grade code quality
  • Jython 2.7 compatibility
  • Professional UI/UX
  • Security best practices
  • Comprehensive documentation

Versioning

  • 1.0 (March 23, 2026) - Initial public release

Semantic Versioning

  • MAJOR (1.0.0): Breaking changes or major new features
  • MINOR (1.0.0): New features, backward compatible
  • PATCH (1.0.1): Bug fixes, no new features

Release Schedule

  • Security patches: As needed
  • Minor updates: Every 2-4 weeks
  • Major updates: As warranted by community feedback

How to Report Issues

Found a bug? Please report it on GitHub Issues

Include:

  • BurpAI version
  • Burp Suite version
  • OS and Python version
  • Steps to reproduce
  • Error logs/stacktrace

Security Updates

Security vulnerabilities should be reported privately. See SECURITY.md for details.

Last Updated: March 23, 2026
Current Stable Release: 1.0

Reference in New Issue View Git Blame Copy Permalink